Important notice!

Due to an unfortunate rsync backup mixup, I accidentally removed all code (and source control history) of this project. Oops.


What is a chaining proxy server?

Proxy chaining allows indirect connections to web sites and remote ports that may be otherwise be blocked by an intermediate proxy server.

Why would you use a chaining proxy server?

You may be required to access the internet though an intermediate proxy server. If this is the case;

You may want to try to make an anonymous connection to a server. If this is the case;

Origins of the janus proxy server

The janus proxy server is a modification of an existing GPL project written in C# designed to allow chaining of proxy servers. It had code to authenticate against NTLM proxy servers, but this code wasn't working. I modified the program to use the LM authentication method, and added unit tests to ensure the messages sent for both NT and LM authentication were binary identical to the authentication messages sent by the python NTLM proxy server authentication program.

The program was refactored so that the core server authentication code was part of a library (as opposed to being embedded in a gui), and added a console program that used this library. All future changes flowed on from this core technology.


Core proxy server

The Janus proxy server is written in C#.

While modifying the NTLM authentication, it was modified to use the C# encryption libraries where appropriate.

Functionality is in a library

As the core functionality is in a library, it can be used in many contexts. For example, there is a gui to provide hard coded tunnels through to specific servers, and a console application capable of dynamically switching between proxies.

Dynamic proxy server allocation

The dynamic proxy server allocator keeps track of all available proxies. When a proxy becomes out of date, it is automatically removed from the list of available proxies. Proxy inforation, such as what ports it can (and cannot) connect, authentication details, are also stored.

Detect invalid proxy servers

By detecting when a proxy server becomes invalid, the proxy chainer can only attempt valid proxy configurations. This can include limiting servers to only connect through certain ports. At the moment there are no brains behind choosing which proxy servers to use (and it doesn't detect when a proxy server forbids connecting to a certain port).

Load proxy servers from a file

Proxy servers are stored in an xml config file, and as proxy server changes are detected, this file is automatically updated with the new configurations.

Multiple servers

Multiple servers can be running simultaneously, all reusing the one proxy list. These servers can either be tunnels to specific external servers, or open ended tunnels, ending in an http proxy (for use by proxy aware programs, such as web browsers). The configuration in these servers is stored in an xml configuration file.

Future improvements

Detect who is forbidding

When we receive a forbidden message from a proxy server, we need to detect if the forbidden message arose from the intermediate proxy or the destination server. Without this we cannot reliably detect invalid proxy servers.

Authenticate arbitrary http messages

By authenticating http messages directly, only a single proxy need be used. This also allows the proxy server to request pages itself. It will also allow invalidating final http proxy servers (at the moment we can only invalidate the end proxy if we fail to connect to it).

Automatic download of proxy server list

As the server can now authenticate messages directly, it is capable of requesting proxy server lists from the internet. Implementing this will allow the proxy server to be maintained automatically (as currently the proxy servers need to be updated every couple of days by hand).

Website specific customisations

As the server is now capable of scanning incoming http packets, it should read these packets, and perform actions specific to the destination address and port. This allows a single proxy server to be used, instead of switching within the client application.

Web server configuration

Implement a simple web server to perform the customisations. This is FAR better then implementing a gui to do the same thing.

Get it working on mono

Get it working on mono. This will either be trivial or extremely difficult, depending on whether mono implements the required encryption libraries.



End of 2004

Following an unfortunate rsync backup mixup, all source (and binaries) to this project was lost. Oops.

More progress

22 September 2004

Initial modifications to Janus proxy server

16 August 2004